SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   HPE OpenView Network Node Manager Vendors:   HPE
HP OpenView Storage Data Protector Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1023361
SecurityTracker URL:  http://securitytracker.com/id/1023361
CVE Reference:   CVE-2007-2280, CVE-2007-2281   (Links to External Site)
Date:  Dec 17 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OpenView Data Protector Application Recovery Manager v5.50 and v6.0
Description:   A vulnerability was reported in HP OpenView Storage Data Protector. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to execute arbitrary code on the target system. The code will run with the privileges of the target service.

Tenable Network Security via TippingPoint and Pedram Amini and Aaron Portnoy of TippingPoint DV Labs reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix.

B.11.11, B.11.23, B.11.31 (PA), OV DP6.0 (Cell Server): PHSS_36588
B.11.11, B.11.23, B.11.31 (PA), OV DP6.0 (Core): PHSS_36622
B.11.23, B.11.31 (IA-64), OV DP6.0 (Cell Server): PHSS_36589
B.11.23, B.11.31 (IA-64), OV DP6.0 (Core): PHSS_36623
B.11.11, B.11.23 (PA), OV DP5.50 (Cell Server): PHSS_36799
B.11.11, B.11.23 (PA), OV DP5.50 (Core): PHSS_37382
B.11.23 (IA-64), OV DP5.50 (Cell Server): PHSS_36800
B.11.23 (IA-64), OV DP5.50 (Core): PHSS_37383
Solaris 2.8, 2.9, 2.10, OV DP6.0 (Cell Server): DPSOL_00290
Solaris 2.8, 2.9, 2.10, OV DP6.0 (Core): DPSOL_00294
Solaris 2.7, 2.8, 2.9, OV DP5.50 (Cell Server): DPSOL_00300
Solaris 2.7, 2.8, 2.9, OV DP5.50 (Core): DPSOL_00321
RedHat 4AS-x86_64, RedHat 4ES-x86_64, OV DP6.0 (Cell Server): DPLNX_00025
RedHat 4AS-x86_64, RedHat 4ES-x86_64, OV DP6.0 (Core): DPLNX_00029
Windows 2000/2003/XP, OV DP6.0 (Cell Server): DPWIN_00337
Windows 2000/2003/XP, OV DP6.0 (Core): DPWIN_00329
Windows 2000/2003/XP, OV DP5.50 (Cell Server): DPWIN_00208
Windows 2000/2003/XP, OV DP5.50 (Core): DPWIN_00359

The vendor's advisory is available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01124817

Vendor URL:  h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01124817 (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Red Hat Enterprise), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC